Network Security Firewalls

RE: Analysis of logs in PIX - Kiwi and Sawmill

Subject: RE: Analysis of logs in PIX - Kiwi and Sawmill
Date: Fri, 15 Oct 2004 12:34:08 -0700 (PDT)
Check out Sawmill to use with the Kiwi product. Sawmill has been very useful for me; it allows monitoring and reporting on the Pix 501 I use as well as on some web server applications. They have a time-trial version so you can see if it works for you. On the plus side it can generate a lot of useful reports via a web interface, on demand, or automatically. For those who are SQL skilled, you can modify and query the database quite well. I would like to see a little more functionality for querying event by event (as is possible with the Check Point reporting tool), but I have never seen such a utility for Pix.

Bill


On Fri, 15 Oct 2004 16:25:49 +1000, "Jason Ha" wrote:
Julio,

Are you wanting a syslog server that can receive syslogs from your Cisco PIX?

Though there are many syslog servers out there, one of the ones I'd recommend you use is the Kiwi syslog service package: www.kiwisyslog.com. Make sure you get the service version as opposed to the standard one. Kiwisyslog is good because it contains a comprehensive set of archiving options as well as other viewers for log collation etc.

Have you verified that logs are being sent properly from your PIX firewall? i.e. you have the line "logging host <interface> <ip address>" somewhere in there?

Good luck.

Regards,

Jason


From: Julio Crespo [mailto:jcrespo@sigfe.cl]
Sent: Thursday, 14 October 2004 7:37 AM
To: firewalls@securityfocus.com
Subject: Analysis of logs in PIX


Hi, I have a syslog server on a Linux Red Hat machine receiving the logs of the Cisco PIX.
Does someone know how I can view these logs? With a tool like WebTrends? I tried this product, but (I called support, but they can't resolve this) it is not compatible with my Cisco version. :o(

Thanks!
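As an added example, not part of the thread above, here is a small Python script that does the kind of analysis the posters are looking for from Kiwi or Sawmill: it reads PIX syslog lines in the shape a Linux syslog daemon writes them to disk, counts messages by PIX message ID and severity, and tallies the source addresses behind access-list denies (message ID 106023). The log lines are constructed for illustration and use documentation-range addresses; the host name "pix" and the access-group name are placeholders.

```python
import re
from collections import Counter

# Constructed sample lines: syslog timestamp, host, then the %PIX-<severity>-<id> tag.
# Addresses are from documentation ranges; the last line is deliberately not a PIX message.
SAMPLE_LOG = """\
Oct 15 11:57:25 pix %PIX-6-302013: Built outbound TCP connection 1024 for outside:203.0.113.10/80 (203.0.113.10/80) to inside:192.0.2.20/3456 (198.51.100.5/1025)
Oct 15 11:57:26 pix %PIX-4-106023: Deny tcp src outside:203.0.113.77/4321 dst inside:198.51.100.5/23 by access-group "outside_in"
Oct 15 11:57:27 pix %PIX-4-106023: Deny tcp src outside:203.0.113.77/4322 dst inside:198.51.100.5/22 by access-group "outside_in"
Oct 15 11:57:28 pix %PIX-6-302014: Teardown TCP connection 1024 for outside:203.0.113.10/80 to inside:192.0.2.20/3456 duration 0:00:03 bytes 512 TCP FINs
Oct 15 11:57:29 pix %PIX-4-106023: Deny udp src outside:203.0.113.99/53 dst inside:198.51.100.5/161 by access-group "outside_in"
Oct 15 11:57:30 pix this line has no PIX tag and must be skipped
"""

# The PIX tag carries the syslog severity (0-7) and a six-digit message ID.
PIX_TAG = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<body>.*)$")
# Source address inside a 106023 deny: "src <interface>:<ip>/<port>".
DENY_SRC = re.compile(r"src \w+:(?P<src>\d{1,3}(?:\.\d{1,3}){3})/\d+")

def parse_line(line):
    """Return (severity, message id, body) or None if the line is not a PIX message."""
    m = PIX_TAG.search(line)
    if not m:
        return None
    return int(m.group("sev")), m.group("msgid"), m.group("body")

def summarize(text):
    """Count messages per ID and per severity, and tally sources of access-list denies."""
    by_id, by_sev, denied_src = Counter(), Counter(), Counter()
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # non-PIX lines (other hosts, daemon chatter) are ignored
        sev, msgid, body = parsed
        by_id[msgid] += 1
        by_sev[sev] += 1
        if msgid == "106023":
            d = DENY_SRC.search(body)
            if d:
                denied_src[d.group("src")] += 1
    return {"by_id": by_id, "by_sev": by_sev, "denied_src": denied_src}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for msgid, n in report["by_id"].most_common():
        print(f"message {msgid}: {n}")
    for src, n in report["denied_src"].most_common():
        print(f"denied from {src}: {n}")
```

To run it against a real collector, replace SAMPLE_LOG with the contents of the file the syslog daemon writes for the PIX host.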
